On November 12th, Abbott released his “We the People Plan” for Texas. Clearly he’s heard from Texans who want tough new health data privacy protections.

Topping his list are four terrific privacy recommendations for health and genetic data:

“Recognize a property right in one’s own DNA.”

“Make state agencies, before selling database information, acquire the consent of any individual whose data is to be released.”

“Prohibit data resale and anonymous purchasing by third parties.”

“Prohibit the use of cross referencing techniques to identify individuals whose data is used as a larger set of information in an online data base.”

The Omnibus Privacy Rule operationalized the technology section of the stimulus bill. It also clarified that states can pass data privacy laws that are stronger than HIPAA (which is a very weak floor for data protections).

Texans would overwhelmingly support the new state data protection laws Abbott recommends. If elected, hopefully Abbott would also include strong penalties for violations. Contracts don’t enforce themselves. External auditing and proof of trustworthy practices should be required.

Is this the beginning of a national trend? I think so.

The more the public learns about today’s health IT systems, the more they will reject health surveillance technologies that steal and sell sensitive personal health data.

Information security and privacy in the healthcare sector is an issue of growing importance, but much remains to be done to address the various issues raised by healthcare consumers regarding privacy and security and the providers’ perspective of regulatory compliance.

Writing in the International Journal of Internet and Enterprise Management, Ajit Appari and Eric Johnson of Dartmouth College, Hanover, New Hampshire, USA, explain that the adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. Without it patient privacy could be seriously compromised at great cost to individuals and to the standing of the healthcare industry.

Can you believe it? Doctors and hospitals that purchase electronic health records (EHRs) ‘wired’ for ‘back-door’ data mining will be paid to steal and use our sensitive health records without our permission!

The government and the massive health data mining industry won. Industry and the government’s plan to continue illegal and unethical data mining trumped Americans’ rights to health privacy.

The rules guarantee that employers, insurers, banks, and government will be able to use our sensitive health information—from prescriptions to DNA—to discriminate against us in jobs, credit, and insurance.

Instead, the new interim rules for EHRs should reward the purchase and use of ‘smart’ EHRs with consent technologies so patients control who can see and use their health records.

The stimulus billions will be wasted because doctors and hospitals will be rewarded for using obsolete, unethical EHR ‘clunkers’. Like the UK, the US will be forced to spend billions to correct a disastrously flawed national electronic health system that prevents patients from controlling their health records.